Hi all,

I'm using the geoip-enrich parser which works fine on one of my servers but not the other. These are the errors I'm getting:

time="13-02-2023 22:01:32" level=error msg="Unable to enrich ip '185.180.143.15'" id=wild-frog name=crowdsecurity/geoip-enrich stage=s02-enrich
time="13-02-2023 22:01:32" level=error msg="Failed to fetch network for 185.180.143.15 : unknown type: 157" id=wild-frog name=crowdsecurity/geoip-enrich stage=s02-enrich

How do I go about debugging this? I'm not really sure where to look.

This error is happening inside the package we use for maxminddb. Odd I never seen this before, could you check the under the data directory listed within /etc/crowdsec/config.yaml you find the maxmind databases

@iiamloz, this is what I have in the data directory:

lrwxrwxrwx    1 root     root            48 Jan 15 12:06 GeoLite2-ASN.mmdb -> /staging/var/lib/crowdsec/data/GeoLite2-ASN.mmdb
lrwxrwxrwx    1 root     root            49 Jan 15 12:06 GeoLite2-City.mmdb -> /staging/var/lib/crowdsec/data/GeoLite2-City.mmdb

eccbb93bef83:/var/lib/crowdsec/data# ls -l /staging/var/lib/crowdsec/data/GeoLite2*
-rw-r--r--    1 root     root       8058142 Feb 14 00:40 /staging/var/lib/crowdsec/data/GeoLite2-ASN.mmdb
-rw-r--r--    1 root     root      69399164 Feb 14 00:40 /staging/var/lib/crowdsec/data/GeoLite2-City.mmdb

I made some changes and updated crowdsec in the meantime, just waiting for another event to happen which triggers this parser.

It seems to be working again after the update 👍 no idea what caused it though

It seems it an issue within the package we use to parse the geodb. If the type is not found it will throw that error but we have no control over that.